Re: [W3af-develop] Generic auth plugin

Sat, 22 Oct 2011 04:56:31 -0700 

Taras,

On Wed, Oct 19, 2011 at 5:18 AM, ox...@oxdef.info <ox...@oxdef.info> wrote:
>
> I just has commited generic auth plugin [0].
> It can be used in most cases with simple auth form (username/password). Will 
> be glad to read feedback from you!

    I think that the auth plugins are going to give lots of power to
the advanced users, they look very clean and I hope users will dig the
idea. Here are some comments about the code:

        * "except Exception, e:" , I would recommend doing a more
specific error handling if possible.
        * o5 = option('auth_url', self.auth_url, d5, 'string') and o6,
I think that you can change 'string' with 'url', and you'll get better
error handling
        * "This auth plugin can logging in to generic-passport" , help
is too short, I would expand that A LOT in order to explain what the
plugin does and how it does it.
        * Header is missing

    And how is this plugin used? When is login() / is_logged() /
logout() called?

> [0] 
> https://w3af.svn.sourceforge.net/svnroot/w3af/branches/auth-plugins/plugins/auth/generic.py
> [1] 
> https://w3af.svn.sourceforge.net/svnroot/w3af/branches/auth-plugins/scripts/script-auth_generic.w3af
>
> --
> Taras
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2d-oct
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the
demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Cisco Self-Assessment and learn 
about Cisco certifications, training, and career opportunities. 
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Reply via email to